The four-month proof-of-concept program may lead the way to better solutions for data sovereignty, privacy and protection.
In a demonstration of how personal ID info can be safely and securely transacted, distributed and linked between different industries online, two financial institutions and a tech firm in Japan have launched a four-month trial involving proprietary blockchain methods.
Through this trial, JCB and Mizuho Bank (financial institutions) and Fujitsu (the technology supplier) are pitching a new service model that will make it easier and safer for personal data to be used and managed by both business operators and customers.
This new trust-based service model will enable each company to mutually-cooperate, authenticate and update customer ID information held by each company under customer sovereignty.
The aim is to build a safe, secure and customer-centric digital ecosystem in order to extract maximal value from data with greater convenience, security and sovereignty.
Trial agenda
In recent years, much thought has been given to how individual data acquired and managed by one service provider can be utilized and distributed among other service providers to enable more convenient and personalized services and products.
However, such personal data can and have been misappropriated and plagued by unauthorized access, breaches and non-compliance with data privacy and protection laws. There is also a growing demand for business operators to be able to definitively prove the reliability of their business partners.
With the continued proliferation of digitalization and collection of personal data through 5G, IoT and emerging solutions, it is essential to manage data with greater security and reliability, while at the same time increasing the value of the shared data in accordance with all applicable local and international laws.
If a service business or user conspires with a third party to act in bad faith, it is possible to falsify a person’s history or credentials, creating the risk that this falsified information will spread very widely without being discovered. Moreover, as the number of users exchanging the falsified data increases, it becomes more difficult for to pinpoint the source of the maleficence.
Therefore, this necessitates building a system whereby users can evaluate for themselves the authenticity of the identity data of the other parties in the transaction from end to end.
For that purpose, two Japanese firms JCB and Fujitsu, together with a third company, Mizuho Bank, have been conducting joint research on enhancing personal data management since 2019. They describe the project as an ‘interoperability model of identity information’ that improves the management and reliability of information held by multiple parties. Their research has culminated in the current trial program.
Building on blockchain
In the four-month trial (October 2020 to January 2021), approximately 100 Fujitsu Group employees in Japan will participate in a program where their personal data—names, addresses, and employers—will be issued as electronic certificate
- These e-certificates are then stored on a cloud using a Fujitsu’s self-sovereign and decentralized digital identity exchange technology (Decentralized Identification or DID in short form) that utilizes a blockchain solution from the tech firm’s subsidiary laboratories.
- Participants will then freely combine or encrypt the electronic certificates they receive from JCB and Mizuho Bank, in order to link their own identities online in a secure and reliable method, to other businesses (JCB or Mizuho Bank).
- Through this pilot project, Fujitsu, JCB, and Mizuho Bank will confirm the accuracy of the personal data held by multiple business operators and verify the mechanism by which customers can safely and securely control the distribution of such data.
- Through the use of blockchain algorithms, an ‘impartial third party’ guarantees the accuracy of a given individual’s identity and personal credentials.
- Notably, owners of the personal data can have their credentials verified with only a partial disclosure of relevant data, allowing for safe and highly-reliable transactions without being forced to offer unnecessary personal details or data they prefer to remain undisclosed.
- Finally, the system converts all trustworthy transaction data shared on the blockchain into a graphical structure so that the relationships between users can be understood. A trustworthiness score is attached to each user by weighting factors such as how many other trusted users have rated the data quality highly. Even if a user colludes with a third party to raise the trust rating artificially, the graph-structured relationships will reveal the weakness of relationships with other users, giving the system the potential to identify misrepresentations.
The trust-based DID service model is supposed to enable the safe and voluntary distribution of personal data provided by businesses and other third parties. It can be used for the distribution of identity information between service providers with the assurance that all the data is authentic, accurate and compliant with privacy laws. Owners of that data (the participants of this trial) will have continual control and awareness of the use of such data by the service providers.
Not just for the financial sector
Upon contingent success, the trial will set the tone for establishing the requirements for building and finetuning such a persona; data management system and specify the training required to operate it.
Going forward, the group will consider innovative service models best suited to such an information management workflow, regardless of the industry or sector. The trust-based service platform can then be commercialized across the world.